Fantasyy | 24.06.2013 13:05 | Trojans TR/Bublik.I.16, TR/Bublik.I.12 and EXP/CVE-2012-1723.PD
Hello!
I ran a complete system scan with Avira today after Avira's real-time scanner raised an alarm.
3 files were found and Avira moved them to quarantine.
Log:
Avira Free Antivirus
Report file date: Monday, 24 June 2013 11:47
The program is running as an unrestricted full version.
Online services are available.
Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 8
Windows version : (plain) [6.2.9200]
Boot mode : Normally booted
Username : SYSTEM
Computer name : BJÖRN-LAPTOP
Version information:
BUILD.DAT : 13.0.0.3736 54853 Bytes 14.06.2013 14:40:00
AVSCAN.EXE : 13.6.0.1722 634936 Bytes 24.06.2013 09:20:53
AVSCANRC.DLL : 13.6.0.1550 62520 Bytes 24.06.2013 09:20:53
LUKE.DLL : 13.6.0.1550 65080 Bytes 24.06.2013 09:21:19
AVSCPLR.DLL : 13.6.0.1712 92216 Bytes 24.06.2013 09:20:53
AVREG.DLL : 13.6.0.1550 247864 Bytes 24.06.2013 09:20:52
avlode.dll : 13.6.2.1704 449592 Bytes 24.06.2013 09:20:50
avlode.rdf : 13.0.1.18 26349 Bytes 21.06.2013 13:02:02
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 09:12:59
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 16:55:09
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 15:36:45
VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 13:02:00
VBASE004.VDF : 7.11.85.215 2048 Bytes 21.06.2013 13:02:00
VBASE005.VDF : 7.11.85.216 2048 Bytes 21.06.2013 13:02:00
VBASE006.VDF : 7.11.85.217 2048 Bytes 21.06.2013 13:02:00
VBASE007.VDF : 7.11.85.218 2048 Bytes 21.06.2013 13:02:00
VBASE008.VDF : 7.11.85.219 2048 Bytes 21.06.2013 13:02:01
VBASE009.VDF : 7.11.85.220 2048 Bytes 21.06.2013 13:02:01
VBASE010.VDF : 7.11.85.221 2048 Bytes 21.06.2013 13:02:01
VBASE011.VDF : 7.11.85.222 2048 Bytes 21.06.2013 13:02:01
VBASE012.VDF : 7.11.85.223 2048 Bytes 21.06.2013 13:02:01
VBASE013.VDF : 7.11.85.224 2048 Bytes 21.06.2013 13:02:01
VBASE014.VDF : 7.11.86.93 870400 Bytes 24.06.2013 09:20:43
VBASE015.VDF : 7.11.86.94 2048 Bytes 24.06.2013 09:20:43
VBASE016.VDF : 7.11.86.95 2048 Bytes 24.06.2013 09:20:43
VBASE017.VDF : 7.11.86.96 2048 Bytes 24.06.2013 09:20:43
VBASE018.VDF : 7.11.86.97 2048 Bytes 24.06.2013 09:20:43
VBASE019.VDF : 7.11.86.98 2048 Bytes 24.06.2013 09:20:43
VBASE020.VDF : 7.11.86.99 2048 Bytes 24.06.2013 09:20:43
VBASE021.VDF : 7.11.86.100 2048 Bytes 24.06.2013 09:20:43
VBASE022.VDF : 7.11.86.101 2048 Bytes 24.06.2013 09:20:43
VBASE023.VDF : 7.11.86.102 2048 Bytes 24.06.2013 09:20:43
VBASE024.VDF : 7.11.86.103 2048 Bytes 24.06.2013 09:20:43
VBASE025.VDF : 7.11.86.104 2048 Bytes 24.06.2013 09:20:43
VBASE026.VDF : 7.11.86.105 2048 Bytes 24.06.2013 09:20:43
VBASE027.VDF : 7.11.86.106 2048 Bytes 24.06.2013 09:20:43
VBASE028.VDF : 7.11.86.107 2048 Bytes 24.06.2013 09:20:44
VBASE029.VDF : 7.11.86.108 2048 Bytes 24.06.2013 09:20:44
VBASE030.VDF : 7.11.86.109 2048 Bytes 24.06.2013 09:20:44
VBASE031.VDF : 7.11.86.112 2048 Bytes 24.06.2013 09:20:44
Engine version : 8.2.12.66
AEVDF.DLL : 8.1.3.4 102774 Bytes 13.06.2013 14:11:48
AESCRIPT.DLL : 8.1.4.124 487806 Bytes 20.06.2013 08:44:23
AESCN.DLL : 8.1.10.4 131446 Bytes 26.03.2013 18:12:01
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06
AERDL.DLL : 8.2.0.128 688504 Bytes 13.06.2013 14:11:48
AEPACK.DLL : 8.3.2.24 749945 Bytes 20.06.2013 08:44:23
AEOFFICE.DLL : 8.1.2.60 205181 Bytes 18.06.2013 17:03:52
AEHEUR.DLL : 8.1.4.426 5951866 Bytes 20.06.2013 08:44:22
AEHELP.DLL : 8.1.27.2 266617 Bytes 04.06.2013 15:47:33
AEGEN.DLL : 8.1.7.4 442741 Bytes 08.05.2013 13:03:06
AEEXP.DLL : 8.4.0.34 201079 Bytes 04.06.2013 15:47:43
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55
AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 13:57:26
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:00:38
AVWINLL.DLL : 13.6.0.1550 23608 Bytes 24.06.2013 09:20:40
AVPREF.DLL : 13.6.0.1550 48184 Bytes 24.06.2013 09:20:51
AVREP.DLL : 13.6.0.1550 175672 Bytes 24.06.2013 09:20:52
AVARKT.DLL : 13.6.0.1626 258104 Bytes 24.06.2013 09:20:45
AVEVTLOG.DLL : 13.6.0.1550 164920 Bytes 24.06.2013 09:20:48
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40
AVSMTP.DLL : 13.6.0.1550 59960 Bytes 24.06.2013 09:20:55
NETNT.DLL : 13.6.0.1550 13368 Bytes 24.06.2013 09:21:19
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 28.11.2012 14:09:40
RCTEXT.DLL : 13.6.0.1624 67128 Bytes 24.06.2013 09:20:40
Configuration settings for the current scan:
Job name..............................: Complete system scan
Configuration file....................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\AVSCAN-20130624-114120-55AB0D22.avp
Logging...............................: default
Primary action........................: interactive
Secondary action......................: ignore
Scan master boot sectors..............: on
Scan boot sectors.....................: on
Boot sectors..........................: C:, D:,
Scan running programs.................: on
Extended scan of running programs.....: on
Scan registry.........................: on
Search for rootkits...................: on
Integrity checking of system files....: off
File scan mode........................: All files
Scan archives.........................: on
Limit recursion depth.................: 20
Archive smart extensions..............: on
Macro virus heuristic.................: on
File heuristic........................: extended
Start of the scan: Monday, 24 June 2013 11:47
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Starting boot sector scan:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting search for hidden objects.
Error in the ARK library
Starting scan of running processes:
Scan process 'svchost.exe' - '38' module(s) have been scanned
Scan process 'nvvsvc.exe' - '32' module(s) have been scanned
Scan process 'svchost.exe' - '24' module(s) have been scanned
Scan process 'svchost.exe' - '84' module(s) have been scanned
Scan process 'svchost.exe' - '169' module(s) have been scanned
Scan process 'dwm.exe' - '48' module(s) have been scanned
Scan process 'svchost.exe' - '65' module(s) have been scanned
Scan process 'svchost.exe' - '116' module(s) have been scanned
Scan process 'nvxdsync.exe' - '52' module(s) have been scanned
Scan process 'nvvsvc.exe' - '60' module(s) have been scanned
Scan process 'svchost.exe' - '66' module(s) have been scanned
Scan process 'ASLDRSrv.exe' - '25' module(s) have been scanned
Scan process 'GFNEXSrv.exe' - '15' module(s) have been scanned
Scan process 'spoolsv.exe' - '68' module(s) have been scanned
Scan process 'svchost.exe' - '49' module(s) have been scanned
Scan process 'sched.exe' - '42' module(s) have been scanned
Scan process 'svchost.exe' - '82' module(s) have been scanned
Scan process 'armsvc.exe' - '26' module(s) have been scanned
Scan process 'avguard.exe' - '73' module(s) have been scanned
Scan process 'InsOnSrv.exe' - '35' module(s) have been scanned
Scan process 'adminservice.exe' - '27' module(s) have been scanned
Scan process 'fbguard.exe' - '27' module(s) have been scanned
Scan process 'dashost.exe' - '53' module(s) have been scanned
Scan process 'HeciServer.exe' - '25' module(s) have been scanned
Scan process 'jhi_service.exe' - '28' module(s) have been scanned
Scan process 'PnkBstrA.exe' - '29' module(s) have been scanned
Scan process 'Ath_CoexAgent.exe' - '33' module(s) have been scanned
Scan process 'avshadow.exe' - '27' module(s) have been scanned
Scan process 'fbserver.exe' - '37' module(s) have been scanned
Scan process 'svchost.exe' - '51' module(s) have been scanned
Scan process 'HControl.exe' - '42' module(s) have been scanned
Scan process 'InsOnWMI.exe' - '47' module(s) have been scanned
Scan process 'Explorer.EXE' - '191' module(s) have been scanned
Scan process 'wmiprvse.exe' - '26' module(s) have been scanned
Scan process 'KBFiltr.exe' - '22' module(s) have been scanned
Scan process 'DMedia.exe' - '32' module(s) have been scanned
Scan process 'ATKOSD2.exe' - '36' module(s) have been scanned
Scan process 'LiveComm.exe' - '80' module(s) have been scanned
Scan process 'nvtray.exe' - '49' module(s) have been scanned
Scan process 'DllHost.exe' - '31' module(s) have been scanned
Scan process 'DllHost.exe' - '27' module(s) have been scanned
Scan process 'SearchIndexer.exe' - '57' module(s) have been scanned
Scan process 'RuntimeBroker.exe' - '42' module(s) have been scanned
Scan process 'hkcmd.exe' - '27' module(s) have been scanned
Scan process 'RAVCpl64.exe' - '43' module(s) have been scanned
Scan process 'BtTray.exe' - '104' module(s) have been scanned
Scan process 'BtvStack.exe' - '94' module(s) have been scanned
Scan process 'avcenter.exe' - '84' module(s) have been scanned
Scan process 'ACMON.exe' - '53' module(s) have been scanned
Scan process 'AsusTPLoader.exe' - '33' module(s) have been scanned
Scan process 'QuickGesture64.exe' - '28' module(s) have been scanned
Scan process 'QuickGesture.exe' - '33' module(s) have been scanned
Scan process 'AsusTPCenter.exe' - '65' module(s) have been scanned
Scan process 'PDVD10Serv.exe' - '30' module(s) have been scanned
Scan process 'brs.exe' - '26' module(s) have been scanned
Scan process 'ACEngSvr.exe' - '45' module(s) have been scanned
Scan process 'avgnt.exe' - '86' module(s) have been scanned
Scan process 'igfxpers.exe' - '38' module(s) have been scanned
Scan process 'jusched.exe' - '27' module(s) have been scanned
Scan process 'ActivateDesktop.exe' - '37' module(s) have been scanned
Scan process 'AsusTPHelper.exe' - '16' module(s) have been scanned
Scan process 'IntelMeFWService.exe' - '23' module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '43' module(s) have been scanned
Scan process 'LMS.exe' - '28' module(s) have been scanned
Scan process 'daemonu.exe' - '64' module(s) have been scanned
Scan process 'UNS.exe' - '65' module(s) have been scanned
Scan process 'wmpnetwk.exe' - '83' module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '40' module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '24' module(s) have been scanned
Scan process 'avscan.exe' - '105' module(s) have been scanned
Scan process 'vssvc.exe' - '36' module(s) have been scanned
Scan process 'svchost.exe' - '27' module(s) have been scanned
Scan process 'smss.exe' - '2' module(s) have been scanned
Scan process 'csrss.exe' - '14' module(s) have been scanned
Scan process 'csrss.exe' - '14' module(s) have been scanned
Scan process 'wininit.exe' - '15' module(s) have been scanned
Scan process 'winlogon.exe' - '27' module(s) have been scanned
Scan process 'services.exe' - '24' module(s) have been scanned
Scan process 'lsass.exe' - '61' module(s) have been scanned
Starting to scan references to executable files (registry):
The registry was scanned ( '1614' files ).
Starting the scan of the selected files:
Begin scan in 'C:\' <OS>
C:\Users\Björn\AppData\Local\Temp\tmp42c8efde\482.exe
[DETECTION] Is the TR/Bublik.I.16 Trojan horse
C:\Users\Björn\AppData\Local\Temp\tmpd996f069\132.exe
[DETECTION] Is the TR/Bublik.I.12 Trojan horse
C:\Users\Björn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\529d667b-4af6eee1
[0] Archive type: ZIP
--> Code$SystemClass.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2012-1723.PD exploit
[WARNING] Infected files in archives cannot be repaired
Begin scan in 'D:\' <Data>
Beginning disinfection:
C:\Users\Björn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\529d667b-4af6eee1
[DETECTION] Contains recognition pattern of the EXP/CVE-2012-1723.PD exploit
[NOTE] The file was moved to the quarantine directory under the name '54ad867b.qua'!
C:\Users\Björn\AppData\Local\Temp\tmpd996f069\132.exe
[DETECTION] Is the TR/Bublik.I.12 Trojan horse
[NOTE] The file was moved to the quarantine directory under the name '4fc1a9dd.qua'!
C:\Users\Björn\AppData\Local\Temp\tmp42c8efde\482.exe
[DETECTION] Is the TR/Bublik.I.16 Trojan horse
[NOTE] The file was moved to the quarantine directory under the name '1d9ef33a.qua'!
End of the scan: Monday, 24 June 2013 12:55
Time used: 1:07:06 hour(s)
The scan was completed in full.
40027 directories were checked
731802 files were scanned
3 viruses and/or unwanted programs were found
0 files were classified as suspicious
0 files were deleted
0 viruses and/or unwanted programs were repaired
3 files were moved to quarantine
0 files were renamed
0 files could not be scanned
731799 files free of infection
6453 archives were scanned
1 warning
3 notes
82 objects were scanned in the rootkit scan
0 hidden objects were found
Then ran defogger:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:10 on 24/06/2013 (Björn)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
OTL.txt:
OTL logfile created on: 24.06.2013 13:12:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Björn\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,88 Gb Total Physical Memory | 6,29 Gb Available Physical Memory | 79,80% Memory free
9,07 Gb Paging File | 7,46 Gb Available in Paging File | 82,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,30 Gb Total Space | 77,93 Gb Free Space | 41,83% Space Free | Partition Type: NTFS
Drive D: | 258,44 Gb Total Space | 256,24 Gb Free Space | 99,15% Space Free | Partition Type: NTFS
Computer Name: BJÖRN-LAPTOP | User Name: Björn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.06.24 13:10:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Björn\Desktop\OTL.exe
PRC - [2013.06.24 11:21:21 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.24 11:20:49 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.24 11:20:49 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.03.12 07:32:58 | 000,506,744 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2013.02.04 19:56:12 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.10.31 13:09:50 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012.09.29 20:18:26 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012.09.17 11:27:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.09.14 15:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012.09.11 18:06:52 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012.09.11 16:01:34 | 000,107,192 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012.09.11 16:01:30 | 000,192,000 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012.09.11 13:41:14 | 000,106,880 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2012.08.31 21:27:20 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
PRC - [2012.07.17 18:54:20 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012.07.17 11:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.07.17 11:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.07.17 11:10:24 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.07.17 11:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.05.28 12:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012.05.23 02:48:42 | 000,078,352 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2012.04.13 12:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
PRC - [2012.03.28 20:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011.11.21 16:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2008.06.13 14:24:02 | 000,081,920 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
PRC - [2008.06.13 14:22:50 | 002,723,840 | ---- | M] (Firebird Project) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
========== Modules (No Company Name) ==========
MOD - [2012.09.11 16:01:28 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.01.29 03:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012.04.20 16:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2013.06.24 11:21:21 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.24 11:20:49 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.04 19:56:12 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.09.29 21:01:56 | 000,220,288 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2012.09.29 20:18:26 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)
SRV - [2012.09.17 11:27:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.09.11 13:41:14 | 000,106,880 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2012.08.31 04:35:20 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.07.17 11:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.07.17 11:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.07.17 11:10:24 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.07.17 11:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.05.23 10:48:42 | 000,243,728 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2012.04.13 12:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011.11.21 16:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2008.06.13 14:24:02 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2008.06.13 14:22:50 | 002,723,840 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.04.09 07:27:43 | 000,284,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013.03.29 22:58:01 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.29 22:58:01 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.29 22:58:01 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.31 13:09:56 | 000,061,824 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.10.08 12:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.09.29 20:43:20 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.19 02:15:20 | 003,653,632 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012.09.18 14:51:54 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012.09.02 03:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.08.31 04:35:08 | 009,000,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.08.27 05:11:04 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.08.02 05:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012.07.30 18:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.02 09:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.06.13 12:24:00 | 000,252,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2012.06.02 16:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2012.06.02 16:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012.06.02 16:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012.05.31 05:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV - [2011.09.07 11:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.02 19:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0a1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 24.0a1\extensions\\Components: C:\PROGRAM FILES\NIGHTLY\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 24.0a1\extensions\\Plugins: C:\PROGRAM FILES\NIGHTLY\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
[2013.06.07 15:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Björn\AppData\Roaming\mozilla\Extensions
[2013.06.09 21:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Björn\AppData\Roaming\mozilla\Firefox\Profiles\o7rljfli.default\extensions
[2013.06.09 21:41:49 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Björn\AppData\Roaming\mozilla\firefox\profiles\o7rljfli.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - Extension: Google Docs = C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Battlefield Play4Free = C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\
CHR - Extension: Google Mail = C:\Users\Björn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AsusTPLauncher - Verknüpfung.lnk = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe (AsusTek)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11DC610E-269B-4F76-A7DB-CBFB758D0859}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56A97C74-4CAD-41E1-850E-506B76A221CA}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.06.24 13:10:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Björn\Desktop\OTL.exe
[2013.06.07 15:38:23 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Mozilla
[2013.06.07 15:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\Nightly
[2013.06.07 15:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.06.07 15:06:40 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Local\Deployment
[2013.06.07 15:06:40 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Local\Apps
[2013.06.07 13:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2013.06.07 00:37:14 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Identities
[2013.06.07 00:36:49 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Syehym
[2013.06.07 00:36:49 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Nyhet
[2013.06.07 00:36:49 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Inkued
[2013.05.28 11:15:07 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Local\Activision
========== Files - Modified Within 30 Days ==========
[2013.06.24 13:10:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Björn\Desktop\OTL.exe
[2013.06.24 13:10:22 | 000,000,000 | ---- | M] () -- C:\Users\Björn\defogger_reenable
[2013.06.24 13:02:58 | 000,050,477 | ---- | M] () -- C:\Users\Björn\Desktop\Defogger.exe
[2013.06.24 11:44:44 | 000,000,401 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\sp_data.sys
[2013.06.24 11:44:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.24 11:42:13 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.06.24 11:42:04 | 2474,233,855 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.24 11:21:30 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.06.23 20:57:12 | 000,282,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.06.23 20:57:12 | 000,282,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.06.23 20:57:04 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.06.23 11:02:24 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.23 11:02:24 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.23 11:02:24 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.23 11:02:24 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.23 11:02:24 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.21 09:18:17 | 000,002,002 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AsusTPLauncher - Verknüpfung.lnk
[2013.06.20 14:07:52 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.07 15:38:19 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\Nightly.lnk
[2013.06.07 15:07:03 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.07 14:37:18 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013.06.07 00:44:11 | 000,308,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.27 17:37:11 | 000,000,221 | ---- | M] () -- C:\Users\Björn\Desktop\Call of Duty Black Ops - Multiplayer.url
========== Files Created - No Company Name ==========
[2013.06.24 13:10:22 | 000,000,000 | ---- | C] () -- C:\Users\Björn\defogger_reenable
[2013.06.24 13:03:00 | 000,050,477 | ---- | C] () -- C:\Users\Björn\Desktop\Defogger.exe
[2013.06.21 09:18:17 | 000,002,002 | ---- | C] () -- C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AsusTPLauncher - Verknüpfung.lnk
[2013.06.07 15:38:34 | 000,000,894 | ---- | C] () -- C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
[2013.06.07 15:38:19 | 000,000,876 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
[2013.06.07 15:38:19 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\Nightly.lnk
[2013.06.07 15:09:00 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.07 15:07:03 | 000,001,130 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.07 14:37:18 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2013.06.07 13:20:46 | 000,001,440 | ---- | C] () -- C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.06.07 00:44:04 | 000,308,656 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.27 17:37:11 | 000,000,221 | ---- | C] () -- C:\Users\Björn\Desktop\Call of Duty Black Ops - Multiplayer.url
[2012.12.20 20:19:00 | 000,000,997 | ---- | C] () -- C:\Windows\eReg.dat
[2012.12.20 19:58:12 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.20 19:58:10 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.19 21:18:00 | 000,000,401 | ---- | C] () -- C:\Users\Björn\AppData\Roaming\sp_data.sys
[2012.11.12 13:59:56 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.10.10 11:38:37 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.10.10 11:38:13 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.10.10 11:38:08 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.08.17 02:52:29 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012.08.17 02:52:28 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.07.25 22:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.07.25 22:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.04.20 15:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
========== ZeroAccess Check ==========
[2013.01.27 14:26:19 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.05.03 17:35:11 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\.minecraft
[2012.12.19 21:18:04 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\ASUS WebStorage
[2013.06.24 11:40:49 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Inkued
[2013.06.23 11:19:20 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Nettalk
[2013.06.23 21:22:54 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Nyhet
[2012.12.30 14:22:04 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\OpenOffice.org
[2013.01.27 14:28:44 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\PunkBuster
[2013.04.27 19:52:24 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Red Alert 3
[2013.05.02 20:38:22 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\soft-evolution
[2013.06.07 00:36:49 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Syehym
[2013.05.02 20:22:27 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Thunderbird
[2013.05.19 22:53:05 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\TS3Client
========== Purity Check ==========
< End of report >
Extras.txt : Code:
OTL Extras logfile created on: 24.06.2013 13:12:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Björn\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,88 Gb Total Physical Memory | 6,29 Gb Available Physical Memory | 79,80% Memory free
9,07 Gb Paging File | 7,46 Gb Available in Paging File | 82,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,30 Gb Total Space | 77,93 Gb Free Space | 41,83% Space Free | Partition Type: NTFS
Drive D: | 258,44 Gb Total Space | 256,24 Gb Free Space | 99,15% Space Free | Partition Type: NTFS
Computer Name: BJÖRN-LAPTOP | User Name: Björn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Nightly\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DB30128-CAAD-4F65-BBC3-76D2694B774E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C764D02-DEEC-43CA-9EDD-46C0C8310A98}" = lport=2869 | protocol=6 | dir=in | app=system |
"{49745B49-D978-4302-A57A-C39A096A4D2A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4AC1C9AA-B58D-43EF-B37F-DDCC7D38E7DD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F3D0493-1CB2-463B-90C6-36FB89AF81F3}" = rport=138 | protocol=17 | dir=out | app=system |
"{58ACFE8D-EEAF-417F-82BF-FE2C835099C8}" = lport=445 | protocol=6 | dir=in | app=system |
"{78CBA602-B953-43F9-A21B-2B086A54E8C4}" = rport=139 | protocol=6 | dir=out | app=system |
"{7C73DD50-BFD0-4018-8CDA-C69FA428AB79}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8CDB0A1E-5C7C-4A8D-BE02-07F6F93B3FB7}" = lport=137 | protocol=17 | dir=in | app=system |
"{A86699EB-C040-4969-BA2A-EAABDDAD2BB3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C31A9B3E-4439-4A0A-9EAF-312918FFAD38}" = lport=139 | protocol=6 | dir=in | app=system |
"{C39CE29C-E3F7-4A0A-832B-74E05B56F4EF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF433284-E667-4647-A2FC-7E8D8C932BDD}" = lport=138 | protocol=17 | dir=in | app=system |
"{E163E413-E00B-47AE-B442-A8F2BEC2A580}" = rport=445 | protocol=6 | dir=out | app=system |
"{E1E99801-6AD9-4D1F-B1BC-5B1E8B3E02E2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E30B4BFC-4CBA-4A43-B7F3-E40528662A44}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E8220470-4DD4-4D19-ACF7-772C7FEEB091}" = rport=137 | protocol=17 | dir=out | app=system |
"{ED05C51E-6049-46FF-BF05-637931318EA6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F18DFBE0-8060-4057-B48A-0AE78550203A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F883DF13-5737-4009-A2A1-7B3559A5EB7B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F91CE2C9-19BF-4571-B3C3-C6C09CB6263F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0257213F-81EA-49CE-B072-EF56B18E6B7B}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{0531DB10-7211-4709-B430-41FF3A5EAA63}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{09CB921B-6A6F-40A8-AE19-D207E5B1CE94}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0AF466EA-9100-4FE2-92C4-0EB55B639BC3}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{132ECEC3-EA2D-484E-872C-F313087E1F36}" = dir=in | name=pinball fx2 |
"{1620D5C7-DFD8-4C81-BEEC-910F1E946C7C}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{16781556-A2A1-4464-8EF1-6E7DE5BCD1B7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{19259529-4BB1-4999-A2EB-BCE898A39261}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{192A77A3-C923-4BDD-81DD-0A703B1687F8}" = dir=out | name=@{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{23DA068A-9079-427B-84F9-443BE7FCB3E4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{24A1E02C-F962-4541-B0C0-4EC9A0DCC8CB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{28FFA28B-EC67-4939-860E-B1EDFF254D52}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{37F34A18-C72B-489B-8B42-1333EAA9021D}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{3BEFB895-6FEB-4DD6-A7F1-4BEF7868E189}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3FC44076-5F1F-49F2-BB69-94D8B0A4C39F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{42080DEE-8BD2-4D71-BCF8-655AED036704}" = dir=out | name=fresh paint |
"{48411306-941C-4433-86CA-0A0EDDAFE8D6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{49853FB6-6678-4DAD-B297-385E045DFD5E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4AAB38C9-AE21-424D-949C-3B120C9D32BE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{4B8F7EAE-8D20-4390-A9CB-F4790BED751F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{4C6882B8-E18B-4B55-9028-E8E04D207351}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{580C2B1B-6062-4B0A-8AB8-E12EA9C5639C}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{58D492E4-FB44-4099-951A-046CDECD4CBB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6090753C-39F9-4F77-864D-414102E323B3}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{63BA8C6E-3085-42AD-8DD6-5E0746CF852A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6773E072-BD21-47AC-8A0A-4C72F50D7993}" = dir=out | name=pinball fx2 |
"{69742AA8-E211-4A93-98A3-9633D9F4D307}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{69F958A0-1D93-4ABF-B64C-E83EF92DBF54}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{6F6BED0C-21E7-4874-9546-B190F63F69C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{735D46E4-1F4E-4EC7-A0E4-03B7FB5FC7A8}" = dir=in | name=@{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{74156EAD-AF96-486E-90EF-AD08B71EF39B}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{768B6232-DF36-4B26-B0D9-5A3EDD4D7B0E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{77D77137-2F23-41F5-B255-D6CA00983B62}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{78AADF46-F9F8-405D-B8A7-AEBE1A20853B}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8167544A-7EE7-4A18-B9EB-409B703EF12D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{81ADA9B8-2321-48DF-B89C-D11B8557EC87}" = dir=out | name=microsoft solitaire collection |
"{8345FF6A-36E1-4C80-9015-E8C45539700C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{85132256-41E7-42E3-8E1D-53A81FDB65CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8998C43F-DCC2-49F5-BCAF-89AEEB5A731B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{89E9AEA0-685B-4F94-96DD-F83F2BC2FFB2}" = dir=out | name=taptiles |
"{8A8AC3C3-5EDE-4AA2-AFF4-9D4034B07805}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{8F59D892-D0C3-4AEE-888C-E2A23A5CE61C}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{90BD139E-63F2-4492-9ADE-B83DD384E44D}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{9355C492-1C72-4999-AA07-D1EB0FCCE807}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{96F9983D-5C52-49CE-AA1C-3693238D3720}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{97ADC3D6-0FAE-42B2-B732-4BF40C432CA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{99024631-F501-4D98-BD41-62FC30FD62A1}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{9986A81A-DACE-42A4-94AE-647E20A096AB}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{A0BEB4B6-6138-4E07-BE57-BFE0E95B8169}" = dir=out | name=windows_ie_ac_001 |
"{A2F237B7-9B34-4127-AA97-33688CAFD1FD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A8832A51-A1E7-4C89-865C-E0D338A7F3F1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AE5D1A88-FEDD-4392-A7C1-DB87A4A259ED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B0668A07-E7BF-4763-856A-7E8959B00C03}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B9EB4597-EE75-4DA2-B620-1F74A9B1BF00}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{BE8BAC3B-0DB0-4A40-9BCA-E6E0E69A2F2C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{C1522ABF-1260-43B1-949C-F58BEBA5441C}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{C272666E-C60C-4EA8-B8FB-700929F3B944}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C5D24E62-AE72-4DCF-9CFC-1721D3DA9474}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"{C73576E4-BEC7-43DE-806F-4BAEC1EF568A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CCD95099-E1FA-48D7-9E0C-B7491DE5B1D6}" = protocol=6 | dir=out | app=system |
"{CF1CC6E0-CFC5-46D4-88AA-9F7E13AC0295}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CF5FF165-AE09-4BA8-9DC3-D8B3A4BE1515}" = dir=out | name=wordament |
"{D13B4EE2-9300-48A4-A491-7763DF293014}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{D1CFA937-FF75-48F0-AA64-91C449E62741}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D4E60113-FE05-440B-B6B5-1A27EC75BB7E}" = dir=out | name=adera |
"{D942071F-5147-4868-BD64-37F144671C0E}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E7E06026-2292-427D-94BC-C7615C68EA5D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E955B10C-2EF6-4D0F-8554-A353BC362984}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{EE01E28A-5D1A-4A0E-8120-A7739F6F66CA}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{EE20C8BF-2343-41CE-8FE4-971A53654BF1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EEEBDF30-19AB-4A2F-AF33-310C7BD5BF12}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{F1CC9056-1CAF-496D-8B66-2ADF3123ED76}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{F281421C-7F6F-4435-94C9-4194FB7E6C78}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{FC90BCFF-06C8-42B4-9699-273BE5E871B9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"TCP Query User{191AB034-506F-46D9-98D4-198352886305}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"TCP Query User{9CEDD333-9565-48FC-B722-69DF29AB64A5}D:\programme\battlefield play 4 free\bfp4f.exe" = protocol=6 | dir=in | app=d:\programme\battlefield play 4 free\bfp4f.exe |
"TCP Query User{A18940D8-FA9B-431B-A354-61D441072A28}C:\program files (x86)\sega\medieval ii total war\medieval2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sega\medieval ii total war\medieval2.exe |
"TCP Query User{A7EA524C-D391-4FE6-BF92-327E3E03061A}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{B53AC26B-162C-4217-ADE8-C476023E8385}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
"TCP Query User{B604E2B0-A91D-466A-9678-03F26FF75683}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{BCB7B895-B968-461F-9F52-35E3C39BA34E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{F94E767E-47EB-4C1D-A6EA-F77F220A1987}C:\program files (x86)\electronic arts\alarmstufe rot 3\data\ra3_1.0.game" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\alarmstufe rot 3\data\ra3_1.0.game |
"UDP Query User{32C8D364-1414-4CF7-BA73-337D4B4E9E9A}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"UDP Query User{37B7AB01-8FCD-4BA9-8BFC-7A389DD37F0A}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{46846C52-0A1E-425A-B136-5019F9D4A157}D:\programme\battlefield play 4 free\bfp4f.exe" = protocol=17 | dir=in | app=d:\programme\battlefield play 4 free\bfp4f.exe |
"UDP Query User{49D38696-0642-48C9-A2AB-A544C21AD2E1}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{576C4140-F412-4C44-8BB9-9CF3A1E30318}C:\program files (x86)\sega\medieval ii total war\medieval2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sega\medieval ii total war\medieval2.exe |
"UDP Query User{63947E43-C3D8-4984-AC46-09E6B7FE9828}C:\program files (x86)\electronic arts\alarmstufe rot 3\data\ra3_1.0.game" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\alarmstufe rot 3\data\ra3_1.0.game |
"UDP Query User{6698244C-DC58-4CEE-98C6-9BBAF0543308}C:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{F0DA1736-4445-453E-92CD-C9A6DF7A3F15}C:\program files (x86)\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"19BB77B03643718D26B01876FD391DC93B189805" = Windows-Treiberpaket - ASUS (ATP) Mouse (10/13/2012 1.0.0.146)
"C01F56FBD9B141017E63E2A1A141E59934D4DC67" = Windows-Treiberpaket - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)
"CCleaner" = CCleaner
"Nightly 24.0a1 (x64 en-US)" = Nightly 24.0a1 (x64 en-US)
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{211DC3C2-07B5-4C1D-86FB-EE2860E620DD}" = S4 League_EU
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DC06C90B-C5BE-42F6-B74D-A9503170998C}" = ASUS Product Demo Movie
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS WebStorage" = ASUS WebStorage Sync Agent
"Avira AntiVir Desktop" = Avira Free Antivirus
"Company of Heroes" = Company of Heroes
"Diablo III" = Diablo III
"FBDBServer_2_1_is1" = Firebird 2.1.1.17910 (Win32)
"Google Chrome" = Google Chrome
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"Nettalk_is1" = Nettalk 6.7
"PunkBusterSvc" = PunkBuster Services
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free (Björn)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.06.2013 07:11:33 | Computer Name = Björn-Laptop | Source = Software Protection Platform Service | ID = 16385
Description = Fehler beim Planen des Softwareschutzdiensts für den erneuten Start
bei 2113-05-31T11:11:33Z. Fehlercode: 0x80040154.
Error - 24.06.2013 07:12:03 | Computer Name = Björn-Laptop | Source = Software Protection Platform Service | ID = 16385
Description = Fehler beim Planen des Softwareschutzdiensts für den erneuten Start
bei 2113-05-31T11:12:03Z. Fehlercode: 0x80040154.
Error - 24.06.2013 07:12:33 | Computer Name = Björn-Laptop | Source = Software Protection Platform Service | ID = 16385
Description = Fehler beim Planen des Softwareschutzdiensts für den erneuten Start
bei 2113-05-31T11:12:33Z. Fehlercode: 0x80040154.
Error - 24.06.2013 07:13:03 | Computer Name = Björn-Laptop | Source = Software Protection Platform Service | ID = 16385
Description = Fehler beim Planen des Softwareschutzdiensts für den erneuten Start
bei 2113-05-31T11:13:03Z. Fehlercode: 0x80040154.
Error - 24.06.2013 07:13:33 | Computer Name = Björn-Laptop | Source = Software Protection Platform Service | ID = 16385
Description = Fehler beim Planen des Softwareschutzdiensts für den erneuten Start
bei 2113-05-31T11:13:33Z. Fehlercode: 0x80040154.
Error - 24.06.2013 07:14:03 | Computer Name = Björn-Laptop | Source = Software Protection Platform Service | ID = 16385
Description = Fehler beim Planen des Softwareschutzdiensts für den erneuten Start
bei 2113-05-31T11:14:03Z. Fehlercode: 0x80040154.
Error - 24.06.2013 07:14:33 | Computer Name = Björn-Laptop | Source = Software Protection Platform Service | ID = 16385
Description = Fehler beim Planen des Softwareschutzdiensts für den erneuten Start
bei 2113-05-31T11:14:33Z. Fehlercode: 0x80040154.
Error - 24.06.2013 07:15:03 | Computer Name = Björn-Laptop | Source = Software Protection Platform Service | ID = 16385
Description = Fehler beim Planen des Softwareschutzdiensts für den erneuten Start
bei 2113-05-31T11:15:03Z. Fehlercode: 0x80040154.
Error - 24.06.2013 07:15:33 | Computer Name = Björn-Laptop | Source = Software Protection Platform Service | ID = 16385
Description = Fehler beim Planen des Softwareschutzdiensts für den erneuten Start
bei 2113-05-31T11:15:33Z. Fehlercode: 0x80040154.
Error - 24.06.2013 07:16:03 | Computer Name = Björn-Laptop | Source = Software Protection Platform Service | ID = 16385
Description = Fehler beim Planen des Softwareschutzdiensts für den erneuten Start
bei 2113-05-31T11:16:03Z. Fehlercode: 0x80040154.
[ System Events ]
Error - 06.04.2013 14:37:31 | Computer Name = Björn-Laptop | Source = bowser | ID = 8003
Description =
Error - 06.05.2013 09:44:17 | Computer Name = Björn-Laptop | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 06.05.2013 09:44:17 | Computer Name = Björn-Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 06.05.2013 15:09:46 | Computer Name = Björn-Laptop | Source = bowser | ID = 8003
Description =
Error - 14.05.2013 13:34:13 | Computer Name = Björn-Laptop | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.2.101 registriert werden. Der Computer mit IP-Adresse 192.168.2.103
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 27.05.2013 04:32:54 | Computer Name = Björn-Laptop | Source = bowser | ID = 8003
Description =
Error - 27.05.2013 11:21:26 | Computer Name = Björn-Laptop | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (180000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 27.05.2013 11:21:26 | Computer Name = Björn-Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 06.06.2013 18:37:43 | Computer Name = Björn-Laptop | Source = DCOM | ID = 10010
Description =
Error - 08.06.2013 12:28:43 | Computer Name = Björn-Laptop | Source = bowser | ID = 8003
Description =
< End of report >

gmer.txt:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-24 13:50:36
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000045 ST500LM012_HN-M500MBB rev.2AR10001 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\BJRN~1\AppData\Local\Temp\pglcypog.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\system32\ntoskrnl.exe!KiCpuId + 988 fffff801288cb41c 1 byte [31]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fcb94c1532 4 bytes [4C, B9, FC, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fcb94c153a 4 bytes [4C, B9, FC, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1152] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fcb94c165a 4 bytes [4C, B9, FC, 07]
.text C:\Windows\system32\nvvsvc.exe[1164] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007fcb94c1532 4 bytes [4C, B9, FC, 07]
.text C:\Windows\system32\nvvsvc.exe[1164] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007fcb94c153a 4 bytes [4C, B9, FC, 07]
.text C:\Windows\system32\nvvsvc.exe[1164] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007fcb94c165a 4 bytes [4C, B9, FC, 07]
.text C:\Windows\system32\nvvsvc.exe[1164] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fcbccf177a 4 bytes [CF, BC, FC, 07]
.text C:\Windows\system32\nvvsvc.exe[1164] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fcbccf1782 4 bytes [CF, BC, FC, 07]
.text C:\Windows\Explorer.EXE[2588] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fcb94c1532 4 bytes [4C, B9, FC, 07]
.text C:\Windows\Explorer.EXE[2588] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fcb94c153a 4 bytes [4C, B9, FC, 07]
.text C:\Windows\Explorer.EXE[2588] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fcb94c165a 4 bytes [4C, B9, FC, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3268] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fcb94c1532 4 bytes [4C, B9, FC, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3268] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fcb94c153a 4 bytes [4C, B9, FC, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3268] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fcb94c165a 4 bytes [4C, B9, FC, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3544] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fcb94c1532 4 bytes [4C, B9, FC, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3544] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fcb94c153a 4 bytes [4C, B9, FC, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3544] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fcb94c165a 4 bytes [4C, B9, FC, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[3556] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fcb94c1532 4 bytes [4C, B9, FC, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[3556] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fcb94c153a 4 bytes [4C, B9, FC, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[3556] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fcb94c165a 4 bytes [4C, B9, FC, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3564] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fcb94c1532 4 bytes [4C, B9, FC, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3564] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fcb94c153a 4 bytes [4C, B9, FC, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3564] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fcb94c165a 4 bytes [4C, B9, FC, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3564] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fcabe61b32 4 bytes [E6, AB, FC, 07]
.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[3564] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fcabe61b3a 4 bytes [E6, AB, FC, 07]
.text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[4084] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fcb94c1532 4 bytes [4C, B9, FC, 07]
.text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[4084] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fcb94c153a 4 bytes [4C, B9, FC, 07]
.text C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe[4084] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fcb94c165a 4 bytes [4C, B9, FC, 07]
.text C:\Windows\system32\igfxpers.exe[3816] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fcbccf177a 4 bytes [CF, BC, FC, 07]
.text C:\Windows\system32\igfxpers.exe[3816] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fcbccf1782 4 bytes [CF, BC, FC, 07]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2832] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fcabe61b32 4 bytes [E6, AB, FC, 07]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2832] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fcabe61b3a 4 bytes [E6, AB, FC, 07]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [608:632] fffff9600080d5e8
Thread [1452:1520] 00000000772850a7
Thread [1452:1528] 0000000076038064
Thread [1452:1552] 00000000746bc59c
Thread [1452:1656] 00000000746bc59c
Thread [1452:1660] 00000000746bc59c
Thread [1452:1664] 00000000746bc59c
Thread [1452:1676] 00000000745e304c
Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3140:3632] 000007fcbec5e400
Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3140:4752] 000007fcbeb5b248
Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3140:4576] 000007fcb28077b0
Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3140:4248] 000007fcb28077b0
Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3140:4856] 000007fcbc005990
Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe [3140:4912] 000007fcbcadb364
Thread C:\Windows\SYSTEM32\ntdll.dll [892:2104] 00000000011c44e1
Thread C:\Windows\SYSTEM32\ntdll.dll [892:580] 0000000070d78c4c
Thread C:\Windows\SYSTEM32\ntdll.dll [892:1220] 0000000070d78f21
Thread C:\Windows\SYSTEM32\ntdll.dll [892:3372] 0000000070d78822
Thread C:\Windows\SYSTEM32\ntdll.dll [892:1768] 00000000728f97fe
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----

I very much hope you can help me get my system completely clean again :)
Best regards
Björn